package com.java.project.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.RolesAllowed;

@RestController
public class DemoController {

    @GetMapping("/public")
    public String publicApi() {
        return "无需认证的公开接口";
    }

    @GetMapping("/private")
    public String privateApi() {
        return "需要登录的私有接口";
    }

//    @RequestMapping("list")
//    @Secured({"ROLE_ADMIN","ROLE_COMMON"})
//    public String findList() {
//        return "book_list";
//    }
//    @RequestMapping("admin/manag")
//    @RolesAllowed("ROLE_ADMIN")
//    public String findManagList() {
//        return "book_manag";
//    }

    @RequestMapping("list")
    @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_COMMON')")
    public String findList() {
        return "book_list";
    }
    @RequestMapping("admin/manag")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String findManagList() {
        return "book_manag";
    }

}